Linus Torvalds writes: (Summary)
IOW, the old "open /proc/kallsyms as a normal user, then make it stdin
for some suid-root program that can be fooled to output it probably
works on it.
works on it.
So kptr_restrict ends up being entirely the wrong thing to do there. And as mentioned, that will just make people use %x instead, or randomly sprinkle the new "I didn't really mean this" modifiers like the already discussed pr_debug() case.
the already discussed pr_debug() case.
So even when kptr_restrict "works", it ends up just fighting itself.
works on it.
So kptr_restrict ends up being entirely the wrong thing to do there. And as mentioned, that will just make people use %x instead, or randomly sprinkle the new "I didn't really mean this" modifiers like the already discussed pr_debug() case.
the already discussed pr_debug() case.
So even when kptr_restrict "works", it ends up just fighting itself.